Either HTTPS or Get Booted out
In the coming July 2018, Chrome will come down heavily on websites that have not implemented Secure-socket Layer/Transport Security, which will be marked as insecure with a red triangle. So website owners need to put their act together.
Looking to the security breach in the recent times, it was already foreseen that one-day websites will have to secure themselves with a mark to win the trust of the visitors. This was well predicted in the year 2010, and there are instances where Firesheep showed us how the Wi-Fi connection was stolen.
To get things done, it is very necessary that website install the X.506 Digital certificate, commonly called SSL certificate on the server. A third party Certificate-Authority will authenticate the website and issue a Digital Certificate, which ensures the website is authentic and can be trusted. The SSL certificate is primarily to ensure the visitors that they are looking at the website for the content they intend to.
There are many CAs like Comodo IT Services, Network solutions, and Symantec. The prices range accordingly, and the most cost-effective comes from Comodo. It all ranges from $50 to $500 to get a certificate, and obviously, it helps. Encryption is very important, and website with commercial business can back-up their security with a warranty.
A website owner can also certify their own website by self-signing their certificate, but it will not serve the purpose since visitors are not sure if the site is intended for what it is known for.
Types of Website Security
Before deploying any certificate you must know there are three different SSL certificate types. These are, in order of business capability: Domain Validation (DV) SSL Certificates, Organization Validation (OV) SSL Certificates, and Extended Validation (EV) SSL Certificates.
Before you take the plunge into SSL certificate, you should know the three different types of SSL certificate.
- Domain Validation (DV)
- SSL Certificate
- Organization Validation (OV)
- Extended Validation
Every certificate serves its own purpose, and vary with different levels of encryption to use. You can even fetch a 256-bit encryption and go up to 2018 bit certificates and it all depends on your discrepancy.
In the early days DV was mostly to do with a self-signed certificate, but now due to the excess of Encryption requirement and security vulnerabilities, DV is often signed by a CA.
RapidSSL is one player that offers CAs even GeoTrust and Comodo. It signifies that the website is authenticated and an Admin has the right to access the website. A DV is enough to secure your website.
The domain owner is validated by Organization Validation, and this includes the complete information about the website owner, city, state, and country. This is the new minimum certification criteria for a commercial website.
The best choice for a website that is into serious business is EV. This validates the domain owners. It takes some time for the CA to finish the process and get one, but remember a website with EV means you will have a green address bar on all browsers.
The certificates come in two flavors, and the first one is domain certificate, which doesn’t cost much. And as the name suggests it protects the single website, but at the same time protects multiple sub-domains. If you want to cover multiple sub-domains with EV certificate, you can avail discount, but then you get a huge security that covers all your sub-domain.
So how do you get started with Encryption?
The easiest way to get a certificate is to go for DV certificates. If you’re not doing e-commerce from within your site, you can encrypt DC may be all you need.
- Secure: TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
- Automatic: Software running on a web server can get a certificate, securely configure it for use, and automatically take care of renewal.
- Free: Anyone who owns a domain name can use get a trusted certificate.
- Transparent: All certificates issued will be publicly recorded and available inspection.
So, what is holding you to take the plunge and secure your website? Encryption or EV from a renowned CA will make a lot of difference to your website.
Julia Sowells178 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.